Update ) Penetration Testing | Questions and Answers | Grade A | 100% Correct (Verified Solutions) - WGU
Question:
According to the OWASP Top 10, which of the following are among the most
relevant critical security risks to web applications?
Answer:
Broken authentication is in the OWASP Top 10 as one of the most relevant
critical security risks to web applications, and OWASP covers it in
A2:2017-Broken Authentication.
Cross-site scripting (XSS) is in the OWASP Top 10 as one of the most relevant
critical security risks to web applications, and OWASP covers it in
A7:2017-Cross-Site Scripting (XSS).
Question:
A threat actor has induced a user to authenticate their session with a
predetermined session ID (SID) which the threat actor also knows. The threat
actor is now using this known SID to impersonate the user. What type of
session attack is this?
Answer:
This represents a session fixation attack which requires the user to
authenticate with a known session identifier that the threat actor will then
use for impersonation.
Question:
A PenTester used msfvenom to generate a payload that a simplified script will
download and execute. Which option indicates that PowerShell will not load
any particular profile?
Answer:
The -nop option tells PowerShell not to load any particular profile, which may
customize the way PowerShell behaves in the environment.
Question:
A PenTester is using PowerShell to automate a Registry exploit. What
operating system is the PenTester working on?
Answer:
The PenTester is working on the Windows operating system as Windows
PowerShell is a scripting language and shell for Microsoft® Windows® built on
the .NET Framework.
Question:
A penetration tester has discovered that a remote access tool can open a shell
on a Linux system without even authenticating. What command is the
penetration tester using?
Answer:
The penetration tester is using rsh which is a Linux command that can open a
shell, and if the server has an .rhosts file configured a certain way, the
penetration tester won't even need to supply credentials.
Question:
A penetration tester is considering other remote access tools after recognizing
that Telnet is an older protocol that does not support the encryption needs of the
company. Which tool is considered a modern answer to Telnet's deficiencies?
Answer:
Secure Shell (SSH) is the modern answer to Telnet's lack of encryption and
other security mechanisms. Some systems have SSH enabled by default.
Question:
A penetration tester is using a framework to help manage available exploits
and keep control of the devices the tester has targeted. What kind of
framework is the tester using to accomplish this?
Answer:
The command and control (C2) frameworks manage available exploits, as well
as help penetration testers keep control of the devices the tester has targeted.
Question:
A PenTester exclusively tests macOS systems and wants to use the command
and control tool that will consistently provide the best results for that
operating system. Which tool will the PenTester select?
Answer:
Mythic is a cross-platform C2 framework tool that works with macOS, Linux,
and Windows, but it contains payloads that provide consistently good results
when PenTesting macOS.
Question:
A penetration tester is using Netcat and does not want the command to
perform DNS lookups for host names on the other end of the connection.
What option will accomplish this?
Answer:
The penetration tester can use the -n option to tell Netcat not to perform DNS
lookups for host names on the other end of the connection.